ZeroTier will ignore interfacePrefixBlacklist when in relay mode

Open joseph-henry opened this issue 1 year ago • 3 comments

When given the local.conf config:

{
        "settings": {
                "interfacePrefixBlacklist": ["ethX"]
        }
}

ZeroTier will initially obey the blacklist but when/if allowed to relay it will ignore the blacklist.

Will fix soon.

joseph-henry Sep 05 '24 20:09

Also, blacklisting IPs does not work when in relay mode.

{
  "physical": {
    "10.0.0.0/8": {
      "blacklist": true
    },
    "172.16.0.0/12": {
      "blacklist": true
    },
    "192.168.0.0/16": {
      "blacklist": true
    }
  }
}

This has no effect and the managed routes are still added:

192.168.0.0/24     172.24.xxx.xxx    UGS    zt9nrk98
192.168.1.0/24     172.24.xxx.xxx     UGS    zt9nrk98

pacmac Jan 06 '25 05:01

The physical property only applies to physical network interfaces. I don't think there's a way to block a specific virtual IP or route. You can disable "allowManaged" on the client to prevent all management of the ZeroTier interface.

zerotier-cli set {network_id} allowManaged=0

laduke Jan 06 '25 17:01
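
Because `physical` applies to the physical addresses used for peer paths rather than to managed routes, the blacklist is better checked against peer paths than against the routing table. The following is an added example, not part of the thread or ZeroTier's own code; it assumes `zerotier-cli peers -j` output in which each peer has a `paths` list whose `address` values have the form `ip/port`, and all sample data is constructed.

```python
import ipaddress
import json

# Constructed sample: the "physical" block from the comment above.
LOCAL_CONF = json.loads("""
{"physical": {
  "10.0.0.0/8":     {"blacklist": true},
  "172.16.0.0/12":  {"blacklist": true},
  "192.168.0.0/16": {"blacklist": true}
}}
""")

# Constructed sample shaped like `zerotier-cli peers -j` output (assumed
# layout: each peer has "paths", each path an "address" of "ip/port").
PEERS = json.loads("""
[
 {"address": "aaaaaaaaaa", "role": "LEAF",
  "paths": [{"address": "192.168.1.20/9993", "active": true},
            {"address": "203.0.113.7/9993", "active": true}]},
 {"address": "bbbbbbbbbb", "role": "LEAF",
  "paths": [{"address": "10.1.2.3/9993", "active": false}]},
 {"address": "cccccccccc", "role": "PLANET",
  "paths": [{"address": "198.51.100.9/9993", "active": true}]}
]
""")


def blacklisted_networks(local_conf):
    """Return the CIDR ranges marked "blacklist": true under "physical"."""
    return [ipaddress.ip_network(cidr)
            for cidr, opts in local_conf.get("physical", {}).items()
            if opts.get("blacklist") is True]


def violating_paths(peers, networks, active_only=True):
    """List (peer, path address, range) for paths inside a blacklisted range."""
    hits = []
    for peer in peers:
        for path in peer.get("paths", []):
            if active_only and not path.get("active"):
                continue
            ip = ipaddress.ip_address(path["address"].rsplit("/", 1)[0])  # drop "/port"
            for net in networks:
                if ip.version == net.version and ip in net:
                    hits.append((peer["address"], path["address"], str(net)))
    return hits


if __name__ == "__main__":
    for peer, addr, net in violating_paths(PEERS, blacklisted_networks(LOCAL_CONF)):
        print(f"peer {peer}: path {addr} is inside blacklisted {net}")
```
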

Any updates? I have the same issue. I added local.conf on Win11 in C:\ProgramData\ZeroTier\One, restarted the ZeroTier service, and interfacePrefixBlacklist doesn't appear in the output of zerotier-cli.bat info -j

Looks like ZeroTier doesn't read this file at all

isorochan Jan 09 '25 15:01